NPM Packages with JFrog CLI

January 15, 2018

By Batel Tova


JFrog CLI is a compact and smart client that provides a simple interface and greatly simplifies working with JFrog Artifactory. The simplified commands enable you to create readable automation scripts that are easy to maintain, efficient and reliable.

From version 1.13.1, JFrog CLI has extended its support to include npm packages, in addition to its Maven and Gradle build support. This blog post describes the available npm commands that work with the npm client to manage your npm builds. Using the JFrog CLI, you can:

Collect and Publish your npm build information to Artifactory

Trace your builds easily once you have published the build information to Artifactory

4. Publish npm Packages

Important Note: Required changes to existing npm scripts

If you already have npm scripts, we recommend renaming your existing prepublish and postpublish scripts in the package.json file. When the npm-publish command runs, the JFrog CLI runs the pack command in the background and not the standard publish command. If your npm package includes the prepublish or postpublish scripts, rename them to prepack and postpack, respectively.
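The rename described in the note above can be scripted. The following is an added example, not code from the original post or from JFrog; the function name migratePublishScripts and the sample package.json are constructed for illustration. When the target name (prepack or postpack) is already defined, the script is left untouched and reported as a conflict for manual review.

```javascript
// Added example: apply the prepublish/postpublish rename to a package.json.
// migratePublishScripts and SAMPLE are constructed for illustration.
const RENAMES = new Map([
  ['prepublish', 'prepack'],
  ['postpublish', 'postpack'],
]);

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Input: package.json text. Output: { text, renamed, conflicts }.
function migratePublishScripts(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const scripts = pkg && pkg.scripts;
  const renamed = [];
  const conflicts = [];
  if (scripts === null || typeof scripts !== 'object' || Array.isArray(scripts)) {
    return { text: packageJsonText, renamed, conflicts }; // nothing to migrate
  }
  const entries = [];
  for (const [name, command] of Object.entries(scripts)) {
    const target = RENAMES.get(name);
    if (target === undefined) {
      entries.push([name, command]);
    } else if (hasOwn(scripts, target)) {
      // Target already defined: never overwrite it, keep both and report.
      entries.push([name, command]);
      conflicts.push(name);
    } else {
      entries.push([target, command]); // same position, new name
      renamed.push(name + ' -> ' + target);
    }
  }
  if (renamed.length === 0) {
    return { text: packageJsonText, renamed, conflicts }; // leave file as-is
  }
  pkg.scripts = Object.fromEntries(entries);
  return { text: JSON.stringify(pkg, null, 2) + '\n', renamed, conflicts };
}

// Constructed sample input (not taken from the post).
const SAMPLE = JSON.stringify({
  name: 'demo-package',
  version: '1.0.0',
  scripts: { test: 'node test.js', prepublish: 'npm run build',
             postpublish: 'node scripts/notify.js', build: 'node build.js' },
}, null, 2);

const result = migratePublishScripts(SAMPLE);
console.log(result.renamed.join('\n'));
```

To use it on a real project, read package.json from disk, pass its text to the function, and write the returned text back only when the conflicts list is empty.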

After running the build publish command, you can review the build information, and publish the modules and environment variables in Artifactory.

5. Scan Your Build

JFrog Xray works with Artifactory to perform universal analysis of binary software components at any stage of the application lifecycle. By scanning binary components and their metadata, recursively going through dependencies at any level, Xray provides unprecedented visibility into issues lurking in components anywhere in your organization.

To scan your build using Xray, you need to configure a new watch for the build as follows:

It’s recommended to add an action to the watch. Multiple actions can be selected by clicking Add Action.

JFrog CLI is integrated with JFrog Xray through JFrog Artifactory allowing you to have build artifacts and dependencies scanned for vulnerabilities and other issues. This integration requires JFrog Artifactory v4.16 and above and JFrog Xray v1.6 and above.

To scan a build, use the following command:

$ jfrog rt bs bootstrap 1.0.0

6. Promote the Build

Build promotion is usually used after testing or build scan, optionally moving or copying the build artifacts and its dependencies to a target repository.

Use the build promote command to promote the build in Artifactory after scanning the build. You can add a number of optional flags to the command, for example the --comment and --status flags.

To promote the build, run the following command:

$ jfrog rt bpr bootstrap 1.0.0 npm-virtual

The promoted build in Artifactory:

That’s it, you’re done!

Keep a lookout for our future posts on using JFrog CLI with Travis CI, as well as sorting and limiting your build output.